Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: gate1975mlm on June 20, 2004, 05:58:25 AM

Title: Win32Klez-H!
Post by: gate1975mlm on June 20, 2004, 05:58:25 AM
Avast Pro 4.1 found the Win32Klez-H on my PC. And for some reason it will not let me delete it! And I did a scan with another antivirus and that did not even find a virus on my PC. What is going on here? It's the Demo version.

Thanks
Title: Re:Win32Klez-H!
Post by: gate1975mlm on June 20, 2004, 05:59:46 AM
see!
Title: Re:Win32Klez-H!
Post by: Tipton on June 20, 2004, 06:11:56 AM
Try clearing your temporary internet files.

Douglas
Title: Re:Win32Klez-H!
Post by: .: Mac :. on June 20, 2004, 06:17:27 AM
Klez.H? That worm is very old.
Title: Re:Win32Klez-H!
Post by: CharleyO on June 20, 2004, 06:23:53 AM

Maybe gate1975 is new to avast! and his/her old av didn't find it.    ???    :o    >:(  


Title: Re:Win32Klez-H!
Post by: gate1975mlm on June 20, 2004, 06:35:00 AM
Try clearing your temporary internet files.

Douglas

I did that but the virus is still there. How can I go right to the file and delete it?
Title: Re:Win32Klez-H!
Post by: Tipton on June 20, 2004, 06:37:24 AM
Try clearing your temporary internet files.

Douglas

I did that but the virus is still there. How can I go right to the file and delete it?

After clearing your temp internet files, where does it say the virus is located?

Douglas
Title: Re:Win32Klez-H!
Post by: RejZoR on June 20, 2004, 07:15:13 AM
As I can see, he is using CursorXP, which means he has Windows 2000/XP. Just schedule a Boot-Time scan. That parasite will go away without any problems with this one.
Title: Re:Win32Klez-H!
Post by: .: Mac :. on June 20, 2004, 08:27:56 AM
OK, I offer another solution. Try Quick Heal Worm Killer.
Available at the following address.

http://qheal.wincleaner.com/qhwkill.com  file size is 80Kb
Title: Re:Win32Klez-H!
Post by: RejZoR on June 20, 2004, 09:05:45 AM
Why would he complicate if he can do with avast!'s Boot-Time scan?
Title: Re:Win32Klez-H!
Post by: .: Mac :. on June 20, 2004, 09:18:36 AM
Oops, sorry RejZoR, I did not see your reply  :'(  ::)  :-[

You are right, boot-time scan is easier
Title: Re:Win32Klez-H!
Post by: igor on June 20, 2004, 01:27:04 PM
On the other hand, the boot-time scanner doesn't support many archives - I'm not sure if UPX is supported. So, the boot-time scanner may not find it.
Klez-H (or its twin Elkern-C) is a file infector... so if it's active, I'd expect more infected files to be found on the disk. Maybe it's just a file that was infected previously, "disinfected" later, but pieces of the virus code were left in the file...

In any case, you may also try the avast! Virus Cleaner.
Title: Re:Win32Klez-H!
Post by: DavidR on June 20, 2004, 01:28:31 PM
Let's not forget the cause of the problem: this could be an exploit, "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment", which was patched ages ago by MS:
http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

If your computer is not patched you will be liable to reinfection; don't keep treating the symptoms, treat the cause.

Regular visits to Windows Update.
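
A defender-side check for the header mismatch that the bulletin title in the post above describes, as an added example that is not part of the original thread: it flags attachments whose declared MIME type is one a mail client may render inline while the filename is an executable. The function name, the extension list and the sample message are constructed for illustration.

```python
import email
from email import policy

# Extensions Windows runs directly (illustrative list, an assumption of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com", ".cmd"}
# Major types a client may play or render inline instead of offering a download.
INLINE_MAJOR_TYPES = {"audio", "image", "video", "text"}

def suspicious_parts(raw_message: bytes):
    """Return (filename, declared_type) for parts whose type disguises an executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() falls back to the Content-Type "name" parameter.
        filename = part.get_filename()
        if not filename or "." not in filename:
            continue
        ext = "." + filename.rsplit(".", 1)[-1].lower()
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in INLINE_MAJOR_TYPES:
            findings.append((filename, part.get_content_type()))
    return findings

# Constructed sample message: one disguised part, one ordinary attachment.
SAMPLE = (
    b"From: sender@example.test\r\n"
    b"To: user@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<html><body>hello</body></html>\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="song.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"AAAA\r\n"
    b"--b1\r\n"
    b'Content-Type: application/pdf; name="report.pdf"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"JVBERg==\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for name, ctype in suspicious_parts(SAMPLE):
        print(f"flag: {name!r} declared as {ctype}")
```
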
Title: Re:Win32Klez-H!
Post by: gate1975mlm on June 20, 2004, 05:55:29 PM
Ok I was able to delete the virus now! I had to also delete the Offline content in Internet Temp files. I never knew that. Thanks for your help.
Title: Re:Win32Klez-H!
Post by: Lars-Erik on June 20, 2004, 11:57:28 PM
This has always been my ONE (and only) negative point with avast!  

When a novice user gets a virus-warning and clicks remove, and then gets this "file is in use" message they PANIC !!!!!

OK, we all know that there is no reason to panic (the file access IS stopped), but that isn't obvious to a novice.

1)  avast! should give better info about what is happening.
2)  avast! should do everything possible to delete the file.

Other AV products I have used will manage to clean/delete the file without having to boot or use a separate cleaner!
Title: Re:Win32Klez-H!
Post by: gate1975mlm on June 21, 2004, 03:01:08 PM
This has always been my ONE (and only) negative point with avast!  

When a novice user gets a virus-warning and clicks remove, and then gets this "file is in use" message they PANIC !!!!!

OK, we all know that there is no reason to panic (the file access IS stopped), but that isn't obvious to a novice.

1)  avast! should give better info about what is happening.
2)  avast! should do everything possible to delete the file.

Other AV products I have used will manage to clean/delete the file without having to boot or use a separate cleaner!

Do you mean as long as Avast found the virus and cannot delete it you are still safe from it? Why would that be? If it's still on your PC?
Title: Re:Win32Klez-H!
Post by: Lisandro on June 21, 2004, 03:40:36 PM
Thanks Lars, I fully agree with you  :-[
Maybe the web information about viruses would be welcome too  ::)
Title: Re:Win32Klez-H!
Post by: Lars-Erik on June 21, 2004, 03:54:45 PM
Do you mean as long as Avast found the virus and cannot delete it you are still safe from it? Why would that be? If it's still on your PC?

Yes, because even if avast! cannot delete the file it will stop the process that is trying to access the file. Then the virus will not be executed. At least this is what I've been told and it seems right.

But I still think avast! should tell the user this more clearly, AND again - try even harder to free/unlock the file so that it can be deleted (are there functions in Windows to clear all file-locks?)
Title: Re:Win32Klez-H!
Post by: gate1975mlm on June 21, 2004, 08:56:36 PM
Do you mean as long as Avast found the virus and cannot delete it you are still safe from it? Why would that be? If it's still on your PC?

Yes, because even if avast! cannot delete the file it will stop the process that is trying to access the file. Then the virus will not be executed. At least this is what I've been told and it seems right.

But I still think avast! should tell the user this more clearly, AND again - try even harder to free/unlock the file so that it can be deleted (are there functions in Windows to clear all file-locks?)

Yes this would be nice. I hope the people who make Avast read this.
Title: Re:Win32Klez-H!
Post by: igor on June 21, 2004, 09:50:09 PM
(are there functions in Windows to clear all file-locks?)

No, there certainly isn't.
Title: Re:Win32Klez-H!
Post by: Lars-Erik on June 21, 2004, 10:13:20 PM
Then what do other AV programs do? I haven't gotten this problem with any other AV. Besides, WHY is the infected file locked by another program anyway? No program should have gotten access to it anyway (avast! should have stopped that before it was infected). This worries me :-(
Title: Re:Win32Klez-H!
Post by: igor on June 22, 2004, 12:03:38 AM
Then what do other AV programs do?

Well, I would like to know... I still somehow doubt they can delete it.
Recently, we talked with Vlk about a special way to do that, but came to a conclusion that it's too dangerous (other files may get corrupted).
Title: Re:Win32Klez-H!
Post by: Staind on June 22, 2004, 05:02:06 AM
Then what do other AV programs do?

Well, I would like to know... I still somehow doubt they can delete it.
Recently, we talked with Vlk about a special way to do that, but came to a conclusion that it's too dangerous (other files may get corrupted).
Yea, having someone delete a file causing Windows to totally screw up would be quite nice.
Title: Re:Win32Klez-H!
Post by: Lisandro on June 22, 2004, 05:13:24 PM
Then what do other AV programs do?

Well, I would like to know... I still somehow doubt they can delete it.
Recently, we talked with Vlk about a special way to do that, but came to a conclusion that it's too dangerous (other files may get corrupted).

Vlk and Igor, please, do not give up... What's related by Erik is, in my opinion, a thing that annoys or panics the users... Maybe the other AVs just do not say anything and delete the file on next boot  ::) Probably not, but how to correct this in avast? Even eicar.com files are not 'deleted' and give an error, especially the temp files.